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(54) Method and system for digital information protection 



(57) A digital information protection scheme using an 
improved security protocol. In a system in which a user 
makes an access to a digital information provided by an 
information center (1) by connecting a computer card (3) 
owned by the user to an information terminal device (2) 
connected with the information center (1). a work key for 
encrypting a desired digital information is delivered from 
the information center (1) to the computer card (3) 
through the information terminal device (2). and the work 
key is registered in the computer card (3); the desired 

FIG.l 



digital information encrypted by the work key is delivered 
from the information center (1) to the information termi- 
naJ device (2); and an encrypted digital information deliv- 
ered from the information center (1) is decrypted at the 
information terminal device (2) by using the work key reg- 
istered in the computer card (3), and a decrypted digital 
information is provided to the user at the information ter- 
minal device (2). 
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Description 



BACKGROUND OF THE INVENTION 
Field of the Invention 



The present invention relates to a digital information 
protection scheme for preventing illegal duplications of 
digital information such as digital audio information, dig- 
ital visual information, digital computer program informa- 
tion, etc. 

Description of the Background Art 

In recent years, due to the advance of the high speed 
digital communication techniques such as ISDN and dig- 
ital information compression technique for speeches, 
dynamic images, still pictures, etc. (including MPEG 
(Moving Picture Experts Group) and JPEG (Joint Photo- 
graphic coding Experts Group), it has become possible 
to deliver the writings such as music, video, pictures, 
books, etc. to each user terminal from an information 
center through a communication channel, by converting 
them into digital information, and compressing and 
encoding the digital information. 

In this regard, there are known examples of a deliv- 
ery service utilizing a personal computer communica- 
tion, etc. for a computer software which requires smaller 
amount of data compared with the digital information 
such as video. However, this conventional software deliv- 
ery service utilizing a personal computer communica- 
tion, etc., does not encrypt the software to be delivered, 
so that there has been a problem that it provides an envi- 
ronment in which an illegal copying of the software is eas- 
ier compared with a usual software sale system using a 
package such as a floppy disk. 

On the other hand, there is a computer software sale 
system using a CD-ROM that has recently been prac- 
ticed in the U.S.A., in which a CD-ROM containing an 
encrypted main software and a non-encrypted software 
for demonstration is sold and distributed at low price, and 
when a user is satisfied with the trial on the software for 
demonstration, the user orders a purchase of the main 
software to a service center via the telephone, etc., in 
response to which the decryption key is notified to the 
user such that the user can use the encrypted main soft- 
ware on the purchased CD-ROM by decrypting it using 
the notified decryption key. ■**■■ 

However, this computer software sale system using 
a CD-ROM also has problems in that it requires a human 
action in acquiring the decryption key from the service 
center via the telephone, etc., and that a privacy of the 
user cannot be protected. Moreover, because of the 
involvement of the human action, there is a possibility for 
the illegal copying induced by the unlawful conduct such 
as the illegal disposition of the decryption key. 
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SUMMARY OF THE INVENTION 



It is therefore an object of the present invention to 
provide a digital information protection scheme in which 
5 the leakage of the digital information to the third party 
can be protected and the illegal copying of the digital 
information is difficult even for a legitimate user. 

According to one aspect of the present invention 
there is provided a method for digital information protec- 
10 tion in a system in which a user makes an access to a 
digital information provided by an information center, by 
connecting a computer card owned by the user to an 
information terminal device connected with the informa- 
tion center, the method comprising the steps of: (a) car- 
15 rying out a mutual authentication between the computer 
card and the information terminal device; (b) carrying out 
a user authentication by the computer card through the 
information terminal device; (c) sending an information 
request specifying the desired digital information of the 
20 user from the information terminal device to the informa- 
tion center by signing and encrypting an information 
identifier for identifying the desired digital information; (d) 
sending the work key for encrypting the desired digital 
information from the information center to the computer 
25 card by a cipher communication using a public key cryp- 
tosystem; (e) obtaining and registering the work key sent 
from the information center at the computer card, and 
sending a work key receipt signature from the computer 
card to the information center; (f) receiving a work key 
30 request message containing a random number from the 
information terminal device at the computer card, 
encrypting the work key according to the random 
number, and sending an encrypted work key from the 
computer card to the information terminal device; (g) 
35 encrypting the desired digital information specified by the 
information request by using the work key at the informa- 
tion center, and sending the encrypted digital information 
from the information center to the information terminal 
device; (h) receiving and decrypting the encrypted work 
40 key sent from the computer card so as to obtain the work 
key at the information terminal device, receiving and 
decrypting the encrypted digital information sent from 
the information center by using the work key, and provid- 
ing the decrypted digital information to the user at the 
45 information terminal device; and (i) sending an 
encrypted information receipt signature from the infor- 
mation terminal device to the information center, and 
recording the information request, the work key receipt 
signature, and the encrypted information receipt signa- 
so ture as a ground for charging at the information center. 

According to another aspect of the present invention 
there is provided a method for digital information protec- 
tion in a system in which a user makes an access to a 
digital information provided by an information center, by 
55 connecting a computer card owned by the user to an 
information terminal device connected with the informa- 
tion center, the method comprising the steps of: (a) car- 
rying out a mutual authentication between the computer 
card and the information terminal device; (b) carrying out 
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a user authentication by the computer card through the 
information terminal device; (c) sending an information 
request specifying the desired digital information of the 
user from the information terminal device to the informa- 
tion center by signing and encrypting an information 5 
identifier for identifying the desired digital information; (d) 
encrypting thedesired digital information specified by the 
information request by using the work key at the informa- 
tion center, and sending the encrypted dfigital information 
from the information center to the information terminal w 
device and the computer card; (e) receiving and storing 
the encrypted digital information sent from the informa- 
tion center at the information terminal device, and send- 
ing an information receipt signature from the computer 
card to the information center via the information termi- 15 
nal device; (f) delivering the work key for encrypting the 
desired digital information from the information center to 
the computer card, and obtaining and registering the 
work key sent from the information center at the compu- 
ter card, while returning a delivery certificate from the 20 
computer card to the information center; (g) receiving a 
work key request message containing a random number 
from the information terminal device at the computer 
card, encrypting the work key according to the random 
number, and sending an encrypted work key from the 25 
computer card to the information terminal device; (h) 
receiving and decrypting the encrypted work key sent 
from the computer card so as to obtain the work key at 
the information terminal device, decrypting the 
encrypted digital information stored in the information 30 
terminal device by using the work key, and providing the 
decrypted digital information to the user at the informa- 
tion terminal device; and (i) sending an encrypted infor- 
mation receipt signature from the information terminal 
device to the information center, and recording the infor- 35 
mation request, the encrypted information receipt signa- 
ture, and the delivery certificate as a ground for charging 
at the information center. 

According to another aspect of the present invention 
there is provided a method for digital information protec- 40 
tion in a system in which a user makes an access to a 
digital information provided by an information center, by 
connecting a computer card owned by the user to an 
information terminal device connected with the informa- 
tion center, the method comprising the steps of: deliver- 45 
ing a work key for encrypting a desired digital information 
from the information center to the computer card through 
the information terminal device, and registering the work 
key in the computer card; delivering the desired digital 
information encrypted by the work key from the informa- so 
tion center to the information terminal device; and 
decrypting an encrypted digital information delivered 
from the information center at the information terminal 
device by using the work key registered in the computer 
card, and providing a decrypted digital information to the ss 
user at the information terminal device. 

According to another aspect of the present invention 
there is provided a digital information protection system, 
comprising: an information center for providing a digital 



information; an information terminal device connected 
with the information center; and a computer card owned 
by a user, such that the user makes an access to the 
digital information provided by the information center by 
connecting the computer card to the information terminal 
device; wherein the information center, the information 
terminal device, and the computer card are adapted to: 
deliver a work key for encrypting a desired digital infor- 
mation from the information center to the computer card 
through the information terminal device, and register the 
work key in the computer card; deliver the desired digital 
information encrypted by the work key from the informa- 
tion center to the information terminal device; and 
decrypt an encrypted digital information delivered from 
the information center at the information terminal device 
by using the work key registered in the computer card, 
and provide a decrypted digital information to the user 
at the information terminal device. 

According to another aspect of the present invention 
there is provided an information center for a digital infor- 
mation protection system in which a user makes an 
access to a digital information provided by the informa- 
tion center by connecting a computer card owned by the 
user to an information terminal device connected with the 
information center, wherein the information center, the 
information terminal device, and the computer card are 
adapted to: deliver a work key for encrypting a desired 
digital information from the information center to the 
computer card through the information terminal device, 
and register the work key in the computer card; deliver 
the desired digital information encrypted by the work key 
from the information center to the information terminal 
device; and decrypt an encrypted digital information 
delivered from the information center at the information 
terminal device by using the work key registered in, the 
computer card, and provide a decrypted digital informa- 
tion to the user at the information terminal device; the 
information center comprising: information storage 
means for storing the digital information; communication 
control means for making a communication with the infor- 
mation terminal device; key generation means for gen- 
erating the work key; encryption means for encrypting 
the digital information by using the work key; public key 
cryptosystem means for encrypting the work key in order 
to make a cipher communication of the work key; and 
signature conversion means for providing a signature of 
the information center. 

According to another aspect of the present invention 
there is provided an information terminal device for a dig- 
ital information protection system in which a user makes 
an access to a digital information provided by an infor- 
mation center by connecting a computer card owned by 
the user to the information terminal device connected 
with the information center, wherein the information 
center, the information terminal device, and the compu- 
ter card are adapted to: deliver a work key for encrypting 
a desired digital information from the information center 
to the computer card through the information terminal 
device, and register the work key in the computer card; 
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deliver the desired digital information encrypted by the 
work key from the information center to the information 
terminal device; and decrypt an encrypted digital infor- 
mation delivered from the information center at the infor- 
mation terminal device by using the work key registered 5 
in the computer card, and provide a decrypted digital 
information to the user at the information terminal device; 
the information terminal device comprising: first commu- 
nication control means for making a communication with 
the information center; second communication control 
means for making a communication with the computer 
card; information storage means for storing the digital 
information; public cryptosystem means for encrypting 
the work key in order to make a cipher communication 
of the work key; signature conversion means for provid- 
ing a signature of the information terminal device; ran- 
dom number generation means for generating a random 
number; matching means for matching the random 
number generated by the random number generation 
means with a random number received from the compu- 
ter card; secret key storage means for storing a secret 
key of the information terminal device; decryption means 
for decrypting an encrypted work key and an encrypted 
digital information; and secrecy protection means for 
physically protecting a secrecy of the random number 
generation means, the matching means, the secret key 
storage means, and the decryption means. 

According to another aspect of the present invention 
there is provided a computer card for a digital information 
protection system in which a user makes an access to a 
digital information provided by an information center by 
connecting the computer card owned by the user to an 
information terminal device connected with the informa- 
tion center, wherein the information center, the informa- 
tion terminal device, and the computer card are adapted 
to: deliver a work key for encrypting a desired digital infor- 
mation from the information center to the computer card 
through the information terminal device, and register the 
work key in the computer card; deliver the desired digital 
information encrypted by the work key from the informa- 
tion center to the information terminal device; and 
decrypt an encrypted digital information delivered from 
the information center at the information terminal device 
by using the work key registered in the computer card, 
and provide a decrypted digital information to the user 45 
at the information terminal device; the computer card 
comprising: communication control means for making a 
communication with the information terminal device; 
public cryptosystem means for encrypting the work key 
in order to make a cipher communication of the work key; so 
signature conversion means for providing a signature of 
the computer card; and work key storage means for stor- 
ing the work key. 

Other features and advantages of the present inven- 
tion will become apparent from the following description ss 
taken in conjunction with the accompanying drawings. 



BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a schematic block diagram of an overall con- 
figuration for the first and second embodiments of a dig- 
ital information protection system according to the 
present invention. 

Fig. 2 is a block diagram of an internal configuration 
of an information center in the digital information protec- 
tion of Fig. 1. 

Fig. 3 is a block diagram of an internal configuration 
of an information terminal device in the digital information 
protection of Fig. 1 . 

Fig. 4 is a block diagrm of an internal configuration 
of a computer card in the digital information protection of 
Fig. 1. 

Fig. 5 is a diagrammatic illustration showing a pro- 
cedure for a mutual authentication between the informa- 
tion terminal device and the computer card in the digital 
information protection of Fig. 1 . 

Fig. 6 is a diagrammatic illustration showing a pro- 
cedure for a user authentication in the digital information 
protection of Fig. 1 . 

Fig. 7 is a diagrammatic illustration showing a pro- 
cedure for a user's selection in the digital information pro- 
tection of Fig. 1 . 

Fig. 8 is a diagrammatic illustration showing a pro- 
cedure for an information request in the digital informa- 
tion protection of Fig. 1. 

Fig. 9 is a diagrammatic illustration showing a pro- 
cedure for a key delivery and a key receipt signing in the 
digital information protection of Fig. 1 according to the 
first embodiment. 

Fig. 10 is a diagrammatic illustration showing a pro- 
cedure for a work key WK request in the digital informa- 
tion protection of Fig. 1 according to the first 
embodiment. 

Fig. 1 1 is a diagrammatic illustration showing a pro- 
cedure for an information delivery and an information uti- 
lization in the digital information protection of Fig. 1 
according to the first embodiment. 

Fig. 12 is a diagrammatic illustration showing a pro- 
cedure for an information delivery and storage and an 
information center authentication in the digital informa- 
tion protection of Fig. 1 according to the second embod- 
iment. 

Fig. 13 is a diagrammatic illustration showing a pro- 
cedure for a signing and a delivery certification prepara- 
tion in the digital information protection of Fig. 1 
according to the second embodiment. 

Fig. 14 is a diagrammatic illustration showing a pro- 
cedure for a key delivery and a delivery certification in 
the digital information protection of Fig. 1 according to 
the second embodiment. 

Fig. 15 is a diagrammatic illustration showing a pro- 
cedure for an information utilization in the digital informa- 
tion protection of Fig. 1 according to the second 
embodiment when an information to be utilized is stored 
in the information terminal device. 
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Fig. 16 is a diagrammatic illustration showing a pro- 
cedure for an information utilization in the digital informa- 
tion protection of Fig. 1 according to the second 
embodiment when an information to be utilized is not 
stored in the information terminal device. 5 

DETAILED DESCRIPTION OF THE PREFERRED 
EMBODIMENTS 

Referring now to Fig. 1 to Fig. 1 1 , the first embodi- 10 
ment of the digital information protection system accord- 
ing to the present invention will be described in detail. 

In this first embodiment, the digital information pro- 
tection system has an overall configuration as shown in 
Fig. 1 , which comprises an information center 1 , an irrfor- 75 
mation terminal device 2 connected with the information 
center 1 . and a computer card 3 to be connected to the 
information terminal device 2. In addition, there is also 
provided a certificate authority 4 which will be necessary 
only in a preliminary stage at a time of utilizing the public 20 
key cryptosystem as will be described below. 

The information center 1 stores a large number of 
digital information supplied from information providers, 
and manages them in a manner of a database. 

The information terminal device 2 is equipped with 25 
an image display device, a speech output device, etc. 
necessary in utilizing the digital information, and pro- 
vided at a home of each user. The information center 1 
and the information terminal device 2 are connected 
through a communication network such that they can 30 
communicate with each other through the communica- 
tion network. 

The computer card 3 is to be detachably connected 
to the information terminal device 2, and capable of inter- 
nally storing data indicating a trade content regarding 35 
which information has been purchased. This computer 
card 3 is owned by each user, and each user can utilizes 
the purchased digital information (such as video, music, 
etc.) by sending it from the information center 1 to the 
information terminal device 2 by connecting this compu- 40 
ter card 3 to the information terminal device 2. 

The information center 1 has an internal configura- 
tion as shown in Fig. 2, which includes: an information 
input unit 1 1 for entering an information to be utilized; an 
information storage unit 1 2 for storing the information to 45 
be utilized; an information encryption unit 13 for encrypt- 
ing the information to be utilized; a WK generation unit 
14 for generating a work key WK to be used at a time of 
encrypting the information to be utilized; a public conver- 
sion unit 1 5 for encrypting the work key WK; a signature so 
conversion unit 16 for converting a signature to indicate 
that the encrypted work key WK belongs to the informa- 
tion center 1 ; a memory 1 7 for storing a public key of the 
information center 1 , a certificate of the public key issued 
by the certificate authority 4, intermediate results of com- 55 
putations, etc.; a CPU 18 for controlling the information 
center 1 as a whole and executing the hash algorithm; a 
public key verification unit 19 for verifying the public key 



of the computer card 3, etc.; and a network input/output 
unit 20 for carrying out exchanges with the network. 

The information terminal device has an internal con- 
figuration as shown in Fig. 3, which includes: a card 
input/output unit 21 for carrying out exchanges with the 
computer card 3; a decryption key extraction unit 22 for 
carrying out the decryption of the public key cryptosys- 
tem; an information decryption unit 23 for carrying out 
the decryption of the information to be utilized; an infor- 
mation output unit 24 for outputting the decrypted infor- 
mation; an image display device 25a; a speech output 
device 25b; a secret protection mechanism 26 for phys- 
ically protecting the secrecy of the decryption key extrac- 
tion unit 22, the information decryption unit 23, and the 
information output unit 24; an information storage unit 27 
for storing the information to be utilized in an encrypted 
state; a network input/output unit 28 for carrying out 
exchanges with the network; a memory 29 for storing a 
public key of the information terminal device 2, the cer- 
tificate of the public key issued by the certificate authority 
4, intermediate results of computations, etc.; a CPU 30 
for controlling the information terminal device 2 as a 
whole and executing the random number generation and 
the hash algorithm. 

The computer card 3 has an internal configuration 
as shown in Fig. 4, which includes: a publictkey verifica- 
tion device 3 1 for verifying the public key as a proper one 
according to the certificate issued by the certificate 
authority 4; a public key cryptosystem device 32 r for 
applying the encryption and the signature conversion; a 
communication device 33 for making a communication 
with the information terminal device 2; a password 
matching device 34 for carrying out the password match- 
ing for the user authentication; a decryption key registra- 
tion device 35 for registering the decryption key of the 
purchased information; a memory 36 for storing a public 
key of the computer card 3, the certificate of the public 
key issued by the certificate authority 4, intermediate 
results of computations, etc.; a CPU 37 for controlling 
the computer card 3 as a whole and executing the ran- 
dom number generation, etc.; a voltage monitoring 
device 38 for monitoring a voltage necessary in main- 
taining data such as the secret key, etc.; and a battery 
39 as a back-up power source. 

This digital information protection system of the first 
embodiment is operated according to the following infor- 
mation utilization protocol based on the digital informa- 
tion protection scheme of the present invention. 

(Preparatory set up) 

In the following, a conversion for encrypting a mes- 
sage M by a key K to obtain an encrypted message C 
will be denoted as C = EK(M). and a conversion for 
decrypting the encrypted message C to obtain the orig- 
inal message M will be denoted as M = DK(C). In partic- 
ular, in a case of utilizing the public key cryptosystem, 
the encryption will be denoted as C = EK P (M) and the 
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decryption will be denoted as M = DK S (C). The latter can 
also be used as the signature conversion as well. 

The computer card 3 registers in advance its identi- 
fier IDy, its public key K PU , a certificate X PU of the public 
key K PU , a public key K PC of the certificate authority 4, 
and its secret key K su , where the secret key K su in par- 
ticular is registered into a write only region within the pub- 
lic key cryptosystem device 32 which is a protected area 
that cannot be read out freely. The certificate X PU is 
obtained as X PU = DK SC (K PU ) when the public key K PU 
is authenticated by the certificate authority 4, where the 
K S c >s a secret key of the certificate authority 4 which is 
kept in secret at the certificate authority 4. 

Similarly, the information terminal device 2 registers 
in advance its identifier ID S , its public key K PS , a certifi- 
cate X PS of the public key K PS , a public key K PC of the 
certificate authority 4, and its secret key K ss , while the 
information center 1 registers in advance its identifier 
ID M , its public key K PM , a certificate X PM of the public 
ke Y k pm» a Public key K PC of the certificate authority 
center 4, and its secret key K SM . Also, the computer card 
3 registers data (such as a password) for authenticating 
the user in a state that cannot be read out illegally, by 
encrypting it for example. 

(Mutual authentication between the computer card 3 and 
the information terminal device 2) 

First, the mutual authentication between the compu- 
ter card 3 and the information terminal device 2 is carried 
out according to the procedure shown in Fig. 5 as follows. 

When the computer card 3 is connected to the infor- 
mation terminal device 3 by being inserted therein, the 
random number R, the public key K PS of the information 
terminal device 2 and its certificate X PS , and the identifier 
ID S of the information terminal device 2 are sent from the 
information terminal device 2 to the computer card 3. 

Then, the computer card 3 judges whether the public 
key K PS of the information terminal device 2 is a proper 
one or not by certifying that the public key K PS of the 
information terminal device 2 and its certificate X PS are 
consistent, by utilizing the public key K PC of the certifi- 
cate authority 4 registered therein. When it is judged as 
a proper one, the signature encryption conversion is 
applied to the random number R sent from the informa- 
tion terminal device 2, and T = EK PS (DK SU (R)) or 
DK SU (EK PS (R)), the public key K PU of the computer card 
3 and its certificate X PU , and the identifier \D U oithe com- 
puter card 3 are sent from the computer card 3 to the 
information terminal device 2. 

The information terminal device 2 certifies that the 
public key K PU of the computer card 3 is a proper one by 
utilizing the public key K PC of the certificate authority 4 
registered therein, and then judges whether the con- 
nected computer card 3 is correctly that of the identifier 
I Dy or not by certifying whether T sent from the computer 
card 3 is consistent with R sent to the computer card 3. 



Here, when this certification fails (i. e., a result is NG), 
the information terminal device 2 indicates an error and 
ejects the computer card 3. 

5 (User authentication) 

Next, the user authentication is carried out accord- 
ing to the procedure shown in Fig. 6 as follows. 

The user enters a password Pswd into the informa- 
10 tion terminal device 2, and the information terminal 
device 2 sends the entered password Pswd to the com- 
puter card 3 to judge whether the entered password 
Pswd is a correct one coinciding with the password reg- 
istered in the computer card 3 in advance. When the 
15 entered password Pswd is a correct one, it is judged that 
the user is a proper user, and a menu data is displayed 
to the user. 

In this procedure, the password input errors are 
allowed for a prescribed number of times, such as three 
20 times, and when the password input was tried three times 
unsuccessfully, the error processing to indicate an error 
and eject the computer card 3 is carried out as there is 
a possibility for this user to be an improper user. In addi- 
tion, when this error processing caused by three unsuc- 
25 cessful trials is repeated for a prescribed number of 
times, such as five times, this user is judged as an 
improper user and the computer card 3 is invalidated. 

Here, it is also possible to use different user authen- 
tication schemes. For example, it is possible to use a 
30 scheme in which the predetermined password is 
encrypted and stored in the computer card 3. and 
whether an encrypted result of the character string 
entered at the information terminal device 2 coincides 
with the stored encrypted password or not is checked, or 
35 whether the character string entered at the information 
terminal device 2 coincides with a decryption result of 
the stored encrypted password or not is checked. 

It is also possible to use a scheme in which the pre- 
determined password is stored in the computer card 3 
40 either in an encrypted state or in a non-encrypted state, 
the character string entered at the information terminal 
device 2 is communicated from the information terminal 
device 2 to the computer card 3 by means of the cipher 
communication, whether the communicated character 
45 string coincides with the stored one or not is checked at 
the computer card 3, a parity of a random number gen- 
erated according to whether the communicated charac- 
ter string coincides with the stored one or not is adjusted 
in the known manner, and this random number is corn- 
so municated from the computer card 3 to the information 
terminal device 2 by means of the cipher communication. 

ft is also possible to use a scheme in which the pre- 
determined password is stored in the computer card 3 
either in an encrypted state or in a non-encrypted state, 
55 a sum or an exclusive OR of the character string entered 
at the information terminal device 2 and a random 
number generated at the information terminal device 2 
is calculated, this calculation result is communication 
from the information terminal device 2 to the computer 
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card 3 by means of the cipher communication, a differ- 
ence or an exclusive OR of the communicated calcula- 
tion result and the password registered in advance is 
calculated at the computer card 3 and an obtained value 
is returned from the computer card 3 to the information 5 
terminal device 2, and whether the returned value coin- 
cides with the generated random number or not is 
checked at the information terminal device 2. 



(User's selection) 

Next, the user s selection is carried out according to 
the procedure shown in Fig. 7 as follows. 

Namely, the user selects the desired information 
from the menu data displayed by the information terminal 
device 2. 

(Information request) 

Next, the information request is carried out accord- 
ing to the procedure shown in Fig. 8 as follows. 

The information terminal device 2 sends a set RKX 
including the information identifier Req for the informa- 
tion selected by the user (which can be given by an inter- 
nationally valid code such as an international recording 
code ISRC for the music information, or an identification 
number assigned by the information provider that can 
uniquely identify the information, etc.). and the public key 
K PM of the information center 1 and its certificate X PM , 
to the computer card 3. 

Then, the computer card 3 certifies that the public 
kev k pm of toe information center 1 and its certificate X PM 
are consistent by using the public key K PC of the certifi- 
cate authority 4 registered therein, signs Req, and 
obtains RQS = DK su (Req). Then, the computer card 3 
encrypts this RQS by the public key K PM of the informa- 
tion center 1 to obtain R a = EK PM (RQS), and sends this 
Ry to the information terminal device 2. 

When R u is received, the information terminal 
device 2 sends this Ry along with the public key K PU of 
the computer card 3 and its certificate X PU to the infor- 
mation center 1 . Then, the information center 1 certifies 
that the public key K PU of the computer card 3 and its 
certificate X PU that are sent from the information terminal 
device 2 are consistent, and obtains RQS = DK SM (Ru). 
Then, the information center 1 obtains Req = 
EK PU (RQS), and retrieves the information specified by 
the obtained Req. 

<Key delivery and key receipt signing) 

Next, the key delivery and the key receipt signing are 
carried out according to the procedure shown in Fig. 9 
as follows. 

The information center 1 generates the work key WK 
for encrypting the information to be utilized, encrypts this 
work key WK by the public key K PU of the computer card 
3, signs C K = EK PU (WK), and sends this C K along with 
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SK M = DK sm (Ck) to the computer card 3 via the informa- 
tion terminal device 2. 

Then, the computer card 3 verifies whether the sig- 
nature is correct or not, obtains the work key WK by 
decrypting C K , and sends S u = DK SU (SK M ) to the infor- 
mation center 1 via the information terminal device 2 as 
a receipt signature for the work key WK. Meanwhile, the 
obtained work key WK is stored in the computer card 3 
along with the information identifier Req in a state that 
cannot be read out illegally, by encrypting it for example. 

(Work key WK request) 

Next, the work key WK request is carried out accord- 
ing to the procedure shown in Fig. 10 as follows. 

Namely, after the information terminal device 2 sent 
Su to the information center 1 , the information terminal 
device 2 sends a WK request message ReqW containing 
a random number r to the computer card 3. 

(Information delivery and information utilization) 



Next, the information delivery and the information 
utilization are carried out according to the procedure 
25 shown in Fig. 1 1 as follows. 

The computer card 3 concatenates the: random 
number r contained in the WK request message ReqW 
and the work key WK, encrypts them by the public key 
K PS of the information terminal device 2, and sends the 
30 resulting V = EK PS (WK, r) to the information terminal 
device 2. 

Then, at the information terminal device 2, after V is 
decrypted by using the secret key K ss of the information 
terminal device 2, whether the random number r coin- 

35 cides with that contained in the WK request message 
ReqW or not is checked, and the work key WK is set. 

On the other hand, when the work key receipt sig- 
nature Sy is received, the information center 1 divides 
the information I into processing units, encrypts each 

40 processing unit of this information I by the work key WK, 
applies a hash function h() to C = EWK(I), signs this h(C), 
and sends C and SI M = DK SM (h(C)) to the information 
terminal device 2. Then, the information terminal device 
2 verifies that this signature is correct, and decrypts the 

45 encrypted information C. 

Here, the secrecy is physically maintained from a 
device for decrypting by using the secret key K^ to a 
device for decrypting by using the work key WK. To this 
end, this section, i.e., the secret protection mechanism 

so 26 of the information terminal device 2 shown in Fig. 3, 
can be set in a safe box and sealed, or it is possible to 
adopt a scheme disclosed in R. Mori and M. Kawahara: 
"Superdistribution: The concept and the Architecture", 
Trans. IEICE. Vol. E73. No. 7, pp. 1 133-1 146, July 1990. 

55 When C is decrypted, a signature of the information 
terminal device 2 is attached to it, and ACK = DK ss (h(Q) 
is returned to the information center 1. Then, the infor- 
mation center 1 certifies that ACK is a proper one, and 
records R y , S u , and ACK as a ground for charging. The 
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information center 1 then continues the processing for 
the next processing unit after the return of ACK is con- 
firmed. 

As described, according to this first embodiment, the 
encrypted information itself and the decryption key are 5 
separated while the decryption key is safely stored within 
the computer card 3. As a result, the information will not 
be leaked to the third party because the information is 
delivered in an encrypted state, and the illegal copying 
will be difficult because the decryption key is confined 10 
within the computer card 3 and it is difficult even for the 
legitimate user to learn the decryption key while the 
decryption of the information and the decryption of the 
work key WK are carried out at devices which are phys- 
ically sealed within the information terminal device 2. 15 

Consequently, it is possible to construct a system 
that can be utilized by the information provider without 
any anxiety. In addition, there is no disadvantage from 
the user's standpoint, and the desired information can 
he utilized by making an access to the information center 20 
even when it is not available at the information terminal 
device located nearby, so that there is an advantage that 
the information becomes available from any information 
terminal device. 

Referring now to Fig. 12 to Fig. 16, the second 25 
embodiment of the digital information protection system 
according to the present invention will be described in 
detail. 

In this second embodiment, the digital information 
protection system has an overall configuration similar to 30 
that of the first embodiment shown in Fig. 1 . In this sec- 
ond embodiment, the information center 1 has an inter- 
nal configuration similar to that shown in Fig. 2 described 
above except that the CPU 1 8 also executes an informa- 
tion conversion for the delivery certification. Also, the 35 
information terminal device 2 has an internal configura- 
tion substantially similar to that shown in Fig. 3 described 
above. Also, the computer card 3 has an internal config- 
uration similar to that shown in Fig. 4 described above 
except that the CPU 37 also executes an information 40 
conversion for the delivery certification. 

This digital information protection system of the sec- 
ond embodiment is operated according to the following 
information utilization protocol based on the digital infor- 
mation protection scheme of the present invention. 45 

(Preparatory set up> 

In this second embodiment, the computer card 3 
registers in advance its identifier ID U( its public key K PU , so 
a certificate X PU of the public key K PU , a public key K PC 
of the certificate authority 4, its secret key K su , a secret 
information S, and a public information n', where the 
secret key K su and the secret information S in particular 
are registered into a write only region within the public 55 
key cryptosystem device 32 which is a protected area 
that cannot be read out freely. Here, IDu, S, and n' have 
a relationship of \D U = mod n\ and n' is a product of 



two large prime numbers which has a size of several hun- 
dred bits. 

The rest of the preparatory set up is substantially 
similar to that of the first embodiment described above. 

(Mutual authentication between the computer card 3 and 
the information terminal device 2) 

First, the mutual authentication between the compu- 
ter card 3 and the information terminal device 2 is carried 
out substantially as the procedure shown in Fig. 5 
described above. 

(User authentication) 

Next, the user authentication is carried out substan- 
tially as the procedure shown in Fig. 6 described above. 

(User's selection) 

Next, the user's selection is carried out substantially 
as the procedure shown in Fig. 7 described above. 

(Information request) 

Next, the information request is carried out substan- 
tially as the procedure shown in Fig. 8 described above. 

(Information delivery and storage, and information center 
authentication) 

Next, the information delivery and storage and the 
information center authentication are carried out accord- 
ing to the procedure shown in Fig. 12 as follows. 

The information center 1 generates the work key WK 
for encrypting the information I to be utilized and 
encrypts this information I to obtain C = EWK(I), and 
stores this encrypted information C in the information 
storage unit 12. Also, in order to indicate that this 
encrypted information C is surely what is sent out from 
the information center 1 , a signature of the information 
center 1 is attached to this encrypted information C. 
Here, the attaching of the signature to the entire 
encrypted information is inefficient, so that the signature 
is attached with respect to h(C) in which the amount of 
C is reduced by the one-way random hash algorithm h 
in a manner of SI M = DK SM (h(C)). Then, the information 
center 1 sends C and SI M obtained in this manner to the 
information terminal device 2. 

The information terminal device 2 then applies the 
hash algorithm h to the encrypted information C received 
from the information center 1 to obtain h(C), and sends 
this h(C) along with the SI M received from the information 
center 1 to the computer card 3. 

The computer card 3 then verifies whether this sig- 
nature is correct or not by checking whether EK PM (SI M ) 
coincides with h(C) by using the public key K PM of the 
information center 1 , and registers the information iden- 
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tifier Req, and the encrypted identifier ID S of the infor- 
mation terminal device 2. 

{Signing and delivery certification preparation) 

Next, the signing and the delivery certification prep* 
aration are carried out according to the procedure shown 
in Fig. 13 as follows. 

The computer card 3 signs the hashed and 
encrypted information h(C) by using the secret key K su 
of the computer card 3 in order to notify the information 
center 1 that the encrypted information C has been 
stored in the information terminal device 2 in a manner 
of S y = DK su (h(C)), and sends this Sy to the information 
center 1 via the information terminal device 2. 

The information center 1 then verifies whether this 
signature S u is correct or not by checking whether 
EKpu(Su) coincides with h(C). 

Next, for the purpose of the delivery certification, the 
computer card 3 generates a random number ^ (i = 0, 1 , 

. t-1) and obtains X { = \D U " mod n\ and sends XX = 
( x 0l x il |X M ) to the information center 1 via the infor- 
mation terminal device 2, where t is a number of bits in 
the work key WK, and a symbol | denotes a concatena- 
tion. 

<Key delivery and delivery certification) 

Next, the key delivery and the delivery certification 
are carried out according to the procedure shown in Fig. 
14 as follows. 

The information center 1 obtains EE = WK || h(XX, 
RQS) from XX, RQS, and WK, where a symbol || denotes 
an exclusive OR for each bit, and then divides this EE bit 
by bit and sets each bit as ej (i = 0, 1 , : . , t-1). 

Then, the information center 1 sends e 0 to the com- 
puter card 3 first. In response, the computer card 3 cal- 
culates Y 0 = S (r0 + e0 > mod n* from the received e 0 , and 
returns this Y 0 to the information center 1. Here, S is 
defined such that IDy = S2 mod n' holds. 

When Y 0 is received from the computer card 3, the 
information center 1 verifies whether Y 0 2 = iDy 9 * 3 ■ X 0 
(mod n) holds or not. When this relationship holds, the 
information center 1 sends ei to the computer card 3 
next, and carries out the verification for in the similar 
manner. This operation is repeated for t times, until Y t _-, 
is verified. After Y M is verified, the information center 1 
records R 0 , S u , e h and Yj (i = 0. 1 , , t-1) as theground 
for charging. 

On the other hand, the computer card 3 obtains EE 
by concatenating the received e t as EE = (e^e^ |e t . 
0, obtains WK from this EE as WK = EE || h(XX, RQS), 
and registers this WK in correspondence to Req and ID S 

It is to be noted that in the above procedure, a man- 
ner of sending ej bit by bit has been described as a simple 
manner of sending e it but it is also possible to send some 
number of bits together instead. 



{Information utilization) 

Next, in a case the information to be utilized is stored 
in the information terminal device 2, the information uti- 

5 lization is carried out according to the procedure shown 
in Fig. 1 5 as follows. 

When the user utilizes the information, the computer 
card 3 is connected to the information terminal device 2 
and this information terminal device 2 is operated. At this 
w point, the WK request message ReqW containing a ran- 
dom number r is sent from the information terminal 
device 2 to the computer card 3. Then, the computer card 
3 concatenates the random number r contained in the 
WK request message ReqW and the work key WK, 

75 encrypts them by the public key K PS of the information 
terminal device 2, and sends the resulting V = EK PS (WK, 
r) to the information terminal device 2. 

Then, at the information terminal device 2, after V is 
decrypted by using the secret key Kqq of the information 

20 terminal device 2, whether the random number r coin- 
cides with that contained in the WK request message 
ReqW or not is checked, and the work key WK is set. 
Then, the information terminal device 2 decrypts the 
encrypted information C stored therein by using this work 

25 key WK to put the information in a utilizable state. 

Here, the secrecy is physically maintained from a 
device for decrypting by using the secret key K ss to a 
device for decrypting by using the work key WK. To this 
end, this section, i.e., the secret protection mechanism 

30 26 of the information terminal device 2 shown in Fig. 3, 
can be set in a safe box and sealed, or it is possible to 
adopt a scheme disclosed in R. Mori and M. Kawahara: 
"Superdistribution: The concept and the Architecture", 
Trans. IEICE, Vol. E73, No. 7, pp. 1 133-1 146, July 1990. 

35 In this manner, the legitimate user can utilize the 
information stored in the information terminal device 2 
whenever necessary, as long as the user has the proper 
computer card 3. 

40 {Information utilization in a case the information to be uti- 
lized in not in the information terminal device 2) 

Next, in a case the information to be utilized is not 
stored in the information terminal device 2, the informa- 

45 tion utilization is carried out according to the procedure 
shown in Fig. 16 as follows. 

After the information request is made according to 
the procedure of Fig. 8 described above, the computer 
card 3 checks whether that information identifier Req is 

so registered therein or not. H this information identifier Req 
is registered, the information terminal device identifier 
ID S * corresponding to this information identifier Req is 
sent to the currently connected information terminal 
device 2 with the identifier ID S . In response, this infer ma- 

55 tion terminal device 2 with the identifier ID S sends the 
information identifier Req to another information terminal 
device 2' with the identifier ID S ' to have the encrypted 
information C transferred from this another information 
terminal device 2'. Thereafter, the information utilization 
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according to the procedure shown in Fig. 15 described 
above is carried out with respect to this encrypted infor- 
mation C. 

Alternatively, it is also possible to use the following 
procedure for utilizing the information while the informa- 5 
Won is transferred. Namely after S u is sent out to the 
information center 1, the information terminal device 2 
sends the WK request message ReqW containing a ran- 
dom number r to the computer card 3. Then, the compu- 
ter card 3 concatenates the random number r contained 10 
in the WK request message ReqW and the work key WK, 
encrypts them by the public key K PS of the information 
terminal device 2, and sends the resulting V = EK PS (WK, 
r) to the information terminal device 2. 

Then, at the information terminal device 2, after V is is 
decrypted by using the secret key K ss of the information 
terminal device 2, whether the random number r coin- 
cides with that contained in the WK request message 
ReqW or not is checked, and the work key WK is set. 
Then, the information terminal device 2 decrypts the 20 
encrypted information C by using this work key WK to 
put the information in a utilizable state, and returns ACK 
to the computer card 3 in order to indicate that the work 
key WK has been received. At this point, it is also possi- 
ble for the information terminal device 2 to store the infor- 25 
mation while the information is decrypted. 

As described, according to this second embodi- 
ment, in addition to the advantages that the information 
will not be leaked to the third party and the illegal copying 
will be difficult as in the first embodiment described 30 
above, it also becomes possible to surely and accurately 
charge the information by means of the delivery certifi- 
cation data. 

Consequently, it is also possible to construct a sys- 
tem that can be utilized by the information provider with- 35 
out any anxiety. In addition, there is no disadvantage 
from the user's standpoint, and the desired information 
can be utilized by making an access to the information 
center even when it is not available at the information 
terminal device located nearby, so that there is an advan- 40 
tage that the information becomes available from any 
information terminal device. 

It is to be noted that the first and second embodi- 
ments described above have been directed to a case of 
utilizing the public communication channel such as 45 
ISDN, but the present invention is equally applicable to 
a case of using the connection-less channel such as a 
dedicated line. 

It is also to be noted that the applicability of the 
present invention is not limited to the computer software, so 
and extends to all kinds of a digital information delivery 
utilizing the communication of the encrypted digital infor- 
mation. 

It is also to be noted that, besides those already 
mentioned above, many modifications and variations of ss 
the above embodiments may be made without departing 
from the novel and advantageous features of the present 
invention. Accordingly, all such modifications and varia- 



tions are intended to be included within the scope of the 
appended claims. 

Claims 

1 . A method for digital information protection in a sys- 
tem in which a user makes an access to a digital 
information provided by an information center, by 
connecting a computer card owned by the user to 
an information terminal device connected with the 
information center, the method comprising the steps 
of: 

(a) carrying out a mutual authentication 
between the computer card and the information 
terminal device; 

(b) carrying out a user authentication by the 
computer card through the information terminal 
device; 

(c) sending an information request specifying 
the desired digital information of the user from 
the information terminal device to the informa- 
tion center by signing and encrypting an infor- 
mation identifier for identifying the desired 
digital information; 

(d) sending the work key for encrypting the 
desired digital information from the information 
center to the computer card by a cipher commu- 
nication using a public key cryptosystem; 

(e) obtaining and registering the work key sent 
from the information center at the computer 
card, and sending a work key receipt signature 
from the computer card to the information 
center; 

(0 receiving a work key request message con- 
taining a random number from the information 
terminal device at the computer card, encrypt- 
ing the work key according to the random 
number, and sending an encrypted work key 
from the computer card to the information ter- 
minal device; 

(g) encrypting the desired digital information 
specified by the information request by using 
the work key at the information center, and 
sending the encrypted digital information from 
the information center to the information termi- 
nal device; 

(h) receiving and decrypting the encrypted work 
key sent from the computer card so as to obtain 
the work key at the information terminal device, 
receiving and decrypting the encrypted digital 
information sent from the information center by 
using the work key, and providing the decrypted 
digital information to the user at the information 
terminal device; and 

(i) sending an encrypted information receipt sig- 
nature from the information terminal device to 
the information center, and recording the infor- 
mation request, the work key receipt signature, 
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and the encrypted information receipt signature 
as a ground for charging at the information 
center. 

2. The method of claim 1 , wherein at the steps (d) and 
(e), the information center generates the work key, 
encrypts the work key by a public key of the compu- 
ter card, and sends a generated and encrypted work 
key along with a signature of the information center 
to the computer card via the information terminal 
device, and the computer card verifies whether the 
signature of the information center is correct or not. 
obtains the work key from the generated and 
encrypted work key, sends the work key receipt sig- 
nature to the information center via the information 
terminal device, and registers the work key along 
with the information identifier. 

3. The method of claim 1, wherein at the step (f), the 
information terminal device sends the work key 
request message containing the random number to 
the computer card, after the work key receipt signa- 
ture is sent from the computer card to the information 
center via the information terminal device. 

4. The method of claim 1. wherein at the step (f), the 
computer card concatenates and encrypts the work 
key and the random number by using a public key of 
the information terminal device, and sends concate- 
nated and encrypted work key and random number 
to the information terminal device, and at the step 
(h), the information terminal device decrypts the 
concatenated and encrypted work key and random 
number, checks whether a decrypted random 
number coincides with the random number con- 
tained in the work key request message, and 
decrypts the encrypted digital information sent from 
the information center by using a decrypted work 
key 

5. A method for digital information protection in a sys- 
tem in which a user makes an access to a digital 
information provided by an information center, by 
connecting a computer card owned .by the user to 
an information terminal device connected with the 
information center, the method comprising the steps 
of: 

(a) carrying out a mutual authentication 
between the computer card and the information 
terminal device; 

(b) carrying out a user authentication by the 
computer card through the information terminal 
device; 

(c) sending an information request specifying 
the desired digital information of the user from 
the information terminal device to the informa- 
tion center by signing and encrypting an infor- 



mation identifier for identifying the desired 
digital information; 

(d) encrypting the desired digital information 
specified by the information request by using 

5 the work key at the information center, and 

sending the encrypted digital information from 
the information center to the information termi- 
nal device and the computer card; 

(e) receiving and storing the encrypted digital 
10 information sent from the information center at 

the information terminal device, and sending an 
information receipt signature from the computer 
card to the information center via the informa- 
tion terminal device; 

15 (f) delivering the work key for encrypting the 

desired digital information from the information 
center to the computer card, and obtaining and 
registering the work key sent from the informa- 
tion center at the computer card, while returning 

20 a delivery certificate from the computer card to 

the information center; 

(g) receiving a work key request message con- 
taining a random number from the information 
terminal device at the computer card, encrypt- 

25 ing the work key according to the random 

number, and sending an encrypted work key 
from the computer card to the information ter- 
minal device; 

(h) receiving and decrypting the encrypted work 
30 key sent from the computer cardrso as to obtain 

the work key at the information terminal device, 
decrypting the encrypted digital information 
stored in the information terminal device by 
using the work key, and providing the decrypted 
35 digital information to the user at the information 

terminal device; and 

(i) sending an encrypted information receipt sig- 
nature from the information terminal device to 
the information center, and recording the infor- 

40 mation request, the encrypted information 

receipt signature, and the delivery certificate as 
a ground for charging at the information center. 

6. The method of claim 1 or 5, wherein at the step (a), 
45 the mutual authentication between the computer 

card and the information terminal device is realized 
by sending a random number generated by the infor- 
mation terminal device to the computer card, signing 
and encrypting the random number at the computer 
so card and returning a signed and encrypted random 
number to the information terminal device, and 
checking whether the signed and encrypted random 
number is consistent with the random number at the 
information terminal device. 

55 

7. The method of claim 1 or 5, wherein at the step (b), 
the user authentication by the computer card is real- 
ized by storing a prescribed password in the compu- 
ter card, checking whether a user input entered at 
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the information terminal device coincides with the 
prescribed password at the computer card, execut- 
ing an error processing when an erroneous user 
input is repeated for a prescribed number of times, 
and invalidating the computer card when the error 5 
processing is repeated for a predetermined number 
of times. 

8. The method of claim 1 or 5, wherein at the step (b), 

the user authentication by the computer card is real- 10 
ized by storing a prescribed password in an 
encrypted state in the computer card, and checking 
whether a user input entered at the information ter- 
minal device coincides with the prescribed password 
in a decrypted state at the computer card, or check- is 
ing whether a user input entered and encrypted at 
the information terminal device coincides with the 
prescribed password in the encrypted state at the 
computer card. 

20 

9. The method of claim 1 or 5, wherein at the step (b), 
the user authentication by the computer card is real- 
ized by storing a prescribed password in the compu- 
ter card, sending a user input entered at the 
information terminal device to the computer card by 25 
a cipher communication, checking whether the user 
input coincides with the prescribed password at the 
computer card, adjusting a parity of a random 
number generated according to whether the user 
input coincides with the prescribed password at the 30 
computer card, and sending the random number to 

the information terminal device by a cipher commu- 
nication. 

10. The method of claim 1 or 5, wherein at the step (b), 35 
the user authentication by the computer card is real- 
ized by storing a prescribed password in the compu- 
ter card, sending a first value indicating a sum or an 
exclusive OR of a user input entered at the informa- 
tion terminal device and a random number gener- 40 
ated at the information terminal device to the 
computer card by a cipher communication, sending 

a second value indicating a difference or an exclu- 
sive OR of the first value and the prescribed pass- 
word at the computer card to the information 45 
terminal device, and checking whether the second 
value coincides with the random number at the infor- 
mation terminal device. 



11- The method of claim 1 or 5, wherein at the step (c), so 
the information terminal device sends the informa- 
tion identifier, a public key of the information center, 
and a certificate for the public key of the information 
center to the computer card, the computer card 
signs and encrypts the information identifier by using 55 
a secret key of the computer card and the public key 
of the information center and returns a signed and 
encrypted information identifier to the information 
terminal device, and the information terminal device 



sends the signed and encrypted information identi- 
fier along with a public key of the computer card and 
a certificate for the public key of the computer card 
to the information center, so as to prevent an 
improper access to the information center. 

12. The method of claim 5, wherein at the step (c), the 
information terminal device sends the information 
identifier, a public key of the information center, and 
a certificate for the public key of the information 
center to the computer card, the computer card 
signs the information identifier and encrypts a 
signed information identifier by using a secret key of 
the computer card and the public key of the informa- 
tion center and returns a signed and encrypted infor- 
mation identifier to the information terminal device, 
the information terminal device sends the signed 
and encrypted information identifier along with a 
public key of the computer card and a certificate for 
the public key of the computer card to the information 
center, and the information center decrypts the 
signed and encrypted information identifier to obtain 
the signed information identifier and utilizes the 
signed information identifier in delivering the work 
key and obtaining the delivery certificate at the step 
(f). 

1 3. The method of claim 5, wherein at the steps (d) and 
(e), the information center generates the work key, 
encrypts the desired digital information by the work 
key, and sends the encrypted digital information 
along with a signature in which the encrypted digital 
information is compressed and signed to the infor- 
mation terminal device, the information terminal 
device stores the encrypted digital information while 
the computer card verifies whether the signature is 
correct or not, and registers the information identifier 
along with an identifier for the information terminal 
device. 

14. The method of claim 5, wherein at the step (e), the 
computer card signs a compressed and encrypted 
digital information to obtain the encrypted informa- 
tion receipt signature, and sends the encrypted 
information receipt signature to the information 
center, and the information center verifies the 
encrypted information receipt signature to confirm 
that the encrypted digital information has been cor- 
rectly stored in the information terminal device and 
the information identifier for the encrypted digital 
information has been registered in the computer 
card. 

15. The method of claim 5. wherein at the step (f), the 
delivery certificate certifies that the work key has 
been correctly delivered from the information center 
to the computer card. 
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16. The method of claim 5, wherein at the step (g), the 
computer card concatenates and encrypts the work 
key and the random number by using a public key of 
the information terminal device, and sends concate- 
nated and encrypted work key and random number 5 
to the information terminal device, and at the step 
(h), the information terminal device decrypts the 
concatenated and encrypted work key and random 
number, checks whether a decrypted random 
number coincides with the random number con- w 
tained in the work key request message, and 
decrypts the encrypted digital information stored in 
the information terminal device by using a decrypted 
work key. 

15 

17. The method of claim 5, further comprising the step 
of: 

transferring another encrypted digital infor- 
mation stored in another information terminal device 
to the information terminal device; and 20 

storing said another encrypted digital infor- 
mation transferred at the transferring step in the 
information terminal device such that said another 
encrypted digital information can be utilized at the 
information terminal device by carrying out the steps 25 
(f) to (i) with respectto said another encrypted digital 
information. 

18. The method of claim 5, further comprising the step 

of: 30 

transferring another encrypted digital infor- 
mation stored in another information terminal device 
to the information terminal device; and 

carrying out the steps (f) to (i) with respect to 
said another encrypted digital information trans- 35 
ferred at the transferring step. 

19. A method for digital information protection in a sys- 
tem in which a user makes an access to a digital 
information provided by an information center, by 40 
connecting a computer card owned by the user to 

an information terminal device connected with the 
information center, the method comprising the steps 
of: 

delivering a work key for encrypting a desired 45 
digital information from the information center to the 
computer card through the information terminal 
device, and registering the work key in the computer 
card; 

delivering the desired digital information so 
encrypted by the work key from the information 
center to the information terminal device; and 

decrypting an encrypted digital information 
delivered from the information center at the informa- 
tion terminal device by using the work key registered 55 
in the computer card, and providing a decrypted dig- 
ital information to the user at the information terminal 
device. 



20. The method of claim 1 9, further comprising the steps 
of: 

sending an information request specifying 
the desired digital information of the user from the 
information terminal device to the information 
center; 

sending a work key receipt signature from the 
computer card to the information center in response 
to a delivery of the work key; 

sending an encrypted information receipt sig- 
nature from the information terminal device to the 
information center in response to a delivery of the 
encrypted digital information; and 

recording the information request, the work 
key receipt signature, and the encrypted information 
receipt signature as a ground for charging at the 
information center. 

21 . The method of claim 1 9, further comprising the steps 
of: 

sending an information request specifying 
the desired digital information of the user from the 
information terminal device to the information 
center; 

sending an encrypted information receipt sig- 
nature from the information terminal device to the 
information center in response to a- delivery of the 
encrypted digital information ; : 

returning a delivery certificate from the com- 
puter card to the information center, in a.'course of a 
delivery of the work key; and -h :v r: - 

recording the information < request, the 
encrypted information receipt signature, and the 
delivery certificate as a ground for charging at the 
information center. ^ 

22. A digital information protection system, comprising: 

an information center for providing a digital 
information; 

an information terminal device connected 
with the information center; and 

a computer card owned by a user, such that 
the user makes an access to the digital information 
provided by the information center by connecting the 
computer card to the information terminal device; 

wherein the information center, the informa- 
tion terminal device, and the computer card are 
adapted to: 

deliver a work key for encrypting a desired 
digital information from the information center to the 
computer card through the information terminal 
device, and register the work key in the computer 
card; 

deliver the desired digital information 
encrypted by the work key from the information 
center to the information terminal device; and 

decrypt an encrypted digital information 
delivered from the information center at the informa- 
tion terminal device by using the work key registered 
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in the computer card, and provide a decrypted digital 
information to the user at the information terminal 
device. 

23. The system of claim 22, wherein the information 5 
center, the information terminal device, and the com- 
puter card are further adapted to: 

send an information request specifying the 
desired digital information of the user from the infor- 
mation terminal device to the information center; 10 

send a work key receipt signature from the 
computer card to the information center in response 
to a delivery of the work key; 

send an encrypted information receipt signa- 
ture from the information terminal device to the infor- 75 
mation center in response to a delivery of the 
encrypted digital information; and 

record the information request, the work key 
receipt signature, and the encrypted information 
receipt signature as a ground for charging at the 20 
information center. 

24. The system of claim 22, wherein the information 
center, the information terminal device, and the com- 
puter card are further adapted to: 25 

send an information request specifying the 
desired digital information of the user from the infor- 
mation terminal device to the information center; 

send an encrypted information receipt signa- 
ture from the information terminal device to the infor- 30 
mation center in response to a delivery of the 
encrypted digital information; 

return a delivery certificate from the compu- 
ter card to the information center in a course of a 
delivery of the work key; and 35 

record the information request, the encrypted 
information receipt signature, and the delivery cer- 
tificate as a ground for charging at the information 
center. 

40 

25. An information center for a digital information pro- 
tection system in which a user makes an access to 
a digital information provided by the information 
center by connecting a computer card owned by the 
user to an information terminal device connected 45 
with the information center, wherein the information 
center, the information terminal device, and the com- 
puter card are adapted to: 

deliver a work key for encrypting a desired 
digital information from the information center to the so 
computer card through the information terminal 
device, and register the work key in the computer 
card; 

deliver the desired digital information 
encrypted by the work key from the information 55 
center to the information terminal device; and 

decrypt an encrypted digital information 
delivered from the information center at the informa- 
tion terminal device by using the work key registered 



242 A1 




in the computer card, and provide a decrypted digital 
information to the user at the information terminal 
device; 

the information center comprising: 

information storage means for storing the dig- 
ital information; 

communication control means for making a 
communication with the information terminal device; 

key generation means for generating the 
work key; 

encryption means for encrypting the digital 
information by using the work key; 

public key cryptosystem means for encrypt- 
ing the work key in order to make a cipher commu- 
nication of the work key; and 

signature conversion means for providing a 
signature of the information center. 

26. The information center of claim 25, further compris- 
ing 

information conversion means for delivering 
the work key to the computer card while receiving a 
delivery certificate from the computer card. 

27. An information terminal device for a digital informa- 
tion protection system in which a user makes an 
access to a digital information provided by an infor- 
mation center by connecting a computer card owned 
by the user to the information terminal device con- 
nected with the information center, wherein the infor- 
mation center, the information terminal device, and 
the computer card are adapted to: 

deliver a work key for encrypting a desired 
digital information from the information center to the 
computer card through the information terminal 
device, and register the work key in the computer 
card; 

deliver the desired digital information 
encrypted by the work key from the information 
center to the information terminal device; and 

decrypt an encrypted digital information 
delivered from the information center at the informa- 
tion terminal device by using the work key registered 
in the computer card, and provide a decrypted digital 
information to the user at the information terminal 
device; 

the information terminal device comprising: 

first communication control means for mak- 
ing a communication with the information center; 

second communication control means for 
making a communication with the computer card; 

information storage means for storing the dig- 
ital information; 

public cryptosystem means for encrypting the 
work key in order to make a cipher communication 
of the work key; signature conversion means for pro- 
viding a signature of the information terminal device; 

random number generation means for gener- 
ating a random number; 
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matching means tor matching the random 
number generated by the random number genera- 
tion means with a random number received from the 
computer card; 

secret key storage means for storing a secret 5 
key of the information terminal device; 

decryption means for decrypting an 
encrypted work key and an encrypted digital infor- 
mation; and 

secrecy protection means for physically pro- w 
tecting a secrecy of the random number generation 
means, the matching means, the secret key storage 
means, and the decryption means. 



28. A computer card for a digital information protection 15 
system in which a user makes an access to a digital 
information provided by an information center by 
connecting the computer card owned by the user to 

an information terminal device connected with the 
information center, wherein the information center, 20 
the information terminal device, and the computer 
card are adapted to: 

deliver a work key for encrypting a desired 
digital information from the information center to the 
computer card through the information terminal 25 
device, and register the work key in the computer 
card; 

deliver the desired digital information 
encrypted by the work key from the information 
center to the information terminal device; and 30 

decrypt an encrypted digital information 
delivered from the information center at the informa- 
tion terminal device by using the work key registered 
in the computer card, and provide a decrypted digital 
information to the user at the information terminal 35 
device; 

the computer card comprising: 

communication control means for making a 
communication with the information terminal device; 

public cryptosystem means for encrypting the 40 
work key in order to make a cipher communication 
of the work key; 

signature conversion means for providing a 
signature of the computer card; and - 

work key storage means for storing the work 45 

key. 

29. The computer card of claim 28, further comprising 

information conversion means for receiving a 
delivery of the work key from the information center so 
while returning a delivery certificate to the informa- 
tion center. 



55 



BNSDOCID: <EP 0715242A1_I_> 



15 



EP 0 715 242 A1 





IX, 




BNSDOCID: <EP 0715242A1_I_> 



16 



EP 0 715 242 A1 




17 



BNSDOCID: <EP 0715242A1J_> 



EP 0 715 242 A1 



O 
W 

S 



w 


CO 


o 
z 






X 






(J 






f- 






< w 


is 








Q S 














Q O 

S 








< 

Cu 



IX 

u 



co 



< 
U 

2 



co 



oc 



v u 
> 



o 


On 
CO 




VOLTAG 
MONITORI 
DEVICE 


\ 


ERY 




P 
< 

CO 



CN 
CO 



\ 




w 

C/5 W 



u 

CQ 



u 



> 

W 
Q 



BNSDOCID: <EP 0715242A1_I_> 



19 



EP 0 715 242 A1 




BNSDOCID: <EP 0715242A1J_> 



20 



EP 0 715 242 A1 



< o-r-< 





b 

E 




T3 
Oh 



z 



o 



CO 





I 

O 
-J 
i— i 
< 



< 



O 



J 
1—1 

^> 

u- 

CO 

W 

oo 
Z 

CO 



-J 

ZD 

Uh 
CO 
CO 

S 

U 

co 
Z 



co 
W 



< 
u 

W 
E— 
< 

< 

K a S 



Q 
w 

< 

CL, 



35 



CO 



tu 



CO 

■— ) 

< 

2- 



■o 
-II 



21 

BNSDOCIO: <EP 0715242A1 J_> 



EP 0 715 242 A1 



r 



tu 

CO 



< 



b 




OS ^ 

o g 



ft) 
O 
< 

CO 
CO 

ft) 
< 

CO 

Q 



O 
U 

!=> 
Q- 

z 



BNSDOCID: <EP 0715242A1_L> 



22 



EP 0 715 242 A1 



b 
E 




23 

BNSDOCID: <EP 0715242A1_I_> 



EP 0 715 242 A1 



it 
o 



Q 
w 

< 



o 



w 
II 



Q 



I 



II C--II 



U oo co 



2 

00 



3 
00 



On 

d 



00 



U 

CO 

Q 



s 

in 

Q 
ll 

D 
00 



24 

BNSDOCID: <EP 0715242A1J_> 



EP 0 715 242 A1 



r 




o 

E 




BNSDOCID: <EP 0715242A1_|_> 



25 



EP0 715 242 A1 



s 

CO 



O 



Z 
O 

B 

Z 



CO 



V 



Z 

o 



>- 
as 
u 

UJ 

Q 



NH 00 
id 

UJ II 
II S 

U GO 



< 



J3 

8 



o 
z 

o 
as 
< 

u 

Pi 
o 

p- 
D 

z 
p 
o 

* o 
u ^ 

- < 
co Q 



SC/3 

Q 
ii 



3 

•Ml 



00 

II 

> 



26 



BNSDOCID- <EP 0715242A1_I_> 



EP 0 715 242 A1 



04 

1— H 

b 

hH 




27 

BNSDOCID: <EP 0715242A1_I_> 



EP 0 715 242 A1 



CO 
r— I 

b 

H— I 




X 





CO 


c : 


g 




"8 - 






E X 


CO 


O 
Q 


is 


Q 
n 

00 




n ii 


< 


>< x 



28 

BNSDOCID: <EP 0715242A1J_> 



EP 0 715 242 A1 



V 



o 



co 

o 

ft/ w 
X ^ 



T3 

O 

s 



* : 
n 



Q 



O 
Z 

5 
ot 
< 

a; 
o 

0- 

Q 

z 

D 
O 

. o 

'53 co 

- < 

- W 

= S3 
04 D 



o 
S 



c CO — 



T3 

i 



CO 
II 

Q 



C/2 

o 

X 
X 



(9 



+ 

"go 
II 



— W 



S 



ii 

PL) 
UJ 



II 



a 



29 

BNSDOCID: <EP 071S242A1 J_> 



EP 0 715 242 A1 



FIG. 15 



V = EKps (WK , r) 




ReqW : WK REQUEST MESSAGE 
(CONTAINING RANDOM NUMBER r) 



30 

BNSDOCID: <EP 0715242A1_I_> 



EP 0 715 242 A1 



FIG. 16 



(1) INFORMATION REQUEST & 
USER AUTHENTICATION 



/"ID u " V R K X 



Req , IDs 




Req 



Req : INFORMATION IDENTIFIER 
RKX : Req , Kpm , Xpm 



(2) INFORMATION DELIVERY & STORAGE 




CD 




(2) INFORMATION DELIVERY 

Kss 2 



r — ^V ec i w ri 



V = EKps(WK , r) 



DECRYP- 



' J I Ition 
£jy CHECK r 



ACK 



ACK = DKss(h(C) 



2\ 




BNSDOCID: <EP 0715242A1_I_> 



31 



EP 0 715 242 A1 



European Patent 
Office 



EUROPEAN SEARCH REPORT 



Application Number 

EP 95 11 8958 



DOCUMENTS CONSIDERED TO BE RELEVANT 




Category 


Citation of document with indication, where appropriate, 

of relevant passages 


Relevant 
to claim 


CLASSIFICATION OF THE 
APPLICATION (Int.CI.6) 


Y 


W0-A-93 1G5G9 (SECURITY DOMAIN PTY LTD) 27 
May 1993 

* abstract; figure 1 * 

* page 2, line 5 - page 9, line 15 * 

* page 12, line 13 - page 15, line 12 * 


1,5-8, 
13,15, 
19-25, 
27,28 


G06F1/O0 


Y 


MAPPING NEW APPLICATIONS ONTO NEW 
TECHNOLOGIES, ZURICH, MAR. 8 - 10, 1988, 
no. 8 March 1988 PLATTNER B;GUNZBURGER 
P* 

pages 45-52, XP 00G2 15989 
SIUDA K 'SECURITY SERVICES IN 
TELECOMMUNICATIONS NETWORKS' 
* the whole document * 


1,5-8, 
13,15, 
19-25, 
2/ ,28 




D,A 


TRANSACTIONS OF THE IEICE, 

no. 7, July 1990 TOKYO, JP, 
pages 1133-1146, XP 000159229 
R.MORI ET AL ' Superdi stri buti on : The 
Concept and the Architecture' 
* page 1135, left column, line 1 - right 
col umn 1 i ne 8 * 


1-29 








TECHNICAL FIELDS 
SEARCHED (Int.C1.6) 






G06F 


A 


US-A-5 224 166 (HARTMAN JR ROBERT C) 29 
June 1993 

* the whole document * 


1-29 




A 


US-A-4 408 119 (DECAVELE DOMINIQUE) 4 
October 1983 

* summary of the invention * 


7 




A 


FR-A-2 697 929 (INNOVATRON SA) 13 May 1994 
* abstract * 


25,28 




The present search report has been drawn up for all claims 







Place of search 

THE HAGUE 



Date of coaapiHioo of the scare* 

22 March 1996 



Powell, D 



CATEGORY OF CITED DOCUMENTS 

X : particularly relevant if taken alone 

Y : particularly relevant if combines with another 

document of the same category 
A : technological background 
O : non-written disclosure 
P : intermediate document 



T : theory or principle underlying the invention 
E : earlier patent document, but published on, or 

after the filing date 
D : document cited in the application 
L : document cited for other reasons 

& : member of the same patent family, corresponding 



32 




Application No: 
Claims searched: 



o 
o 




Office 



AT 



GB 0224228.7 
1-33 



Examiner: 
Date of search: 




INVESTOR IN PEOPLE 



Nigel Hanley 

10 December 2002 



Patents Act 1977 : Search Report under Section 17 
Documents considered to be relevant: 



Category 


Relevant 
to claims 


Identity of document and passage or figure of particular relevance 


X 


1,18,26 at 
least 


US 6226744 Bl 


AT&T - See whole document. Note the method 
or auuienucaung a users access to restricted 
information using access codes and a smart 
card. 


X 


1,18,26 at 
least 


WO 2001/082167 Al 


PHILIPSON - See whole document especially 
Figs 3-5 and Page 7 Line 8 - Page 9 Line 31. 
Note the use of a smart card to store 
information which is used to authenticate the 
user with a remote server. 


X 


1,18,26 at 
least 


WO 2001/026061 Al 


AB TRYGGIT - See whole document. Note 
storage of code words in a mobile phone for use 
in authenticating transactions by the subscriber. 


X 


1,18,26 at 
least 


EP 1043648 A2 


SUN - See whole document. Note use of smart 
cards in an authentication network. Note 
especially use of multiple authentication 
modules. 


X 


1,18,26 at 
least 


US 6230002 Bl 


ERICSSON - See whole document especially 
Fig 2 & 3 and Column 6 Lines 30- Column 8 
Line 17. Note generation of a password from a 
SIM for use in an authentication procedure over 
a network. 


X 


1,18,26 at 
least 


US 5590199 A 


KRAJEWSKI - See whole document. Note 
method of authenticating a user to access 
services in a network using a smart card. 



Categories: 



X Document indicating lack of novelty or inventive step 

Y Document indicating lack of inventive step if combined 
with one or more other documents of same category. 

& Member of the same patent family 



A Document indicating technological background and/or state of the art. 

P { Document published on or after the declared priority date but before 
the filing date of this invention. 

E Patent document published on or after, but with priority date earlier 
than, the filing date of this application. 



An Executive Agency of the Department of Trade and Industry 



THUS PAGE BLAMK (usptod 




# 



I Office S 
\ ^ 



INVESTOR IN PEOPLE 



Application No: 
Claims searched: 



GB 0224228.7 
1-33 



Examiner: 
Date of search: 



Nigel Hanley 

10 December 2002 



Field of Search: 

Search of GB, EP, WO & US patent documents classified in the following areas of the UKC T : 
G4A 

Worldwide search of patent documents classified in the following areas of the IPC 7 : 

G06F 

The following online and other databases have been used in the preparation of this search report : 
WPI, EPODOC, JAPIO 



An Executive Agency of the Department of Trade and Industry 



This Page is Inserted by IFW Indexing and Scanning 
Operations and is not part of the Official Record 



Defective images within this document are accurate representations of the original 
documents submitted by the applicant. 

Defects in the images include but are not limited to the items checked: 

□ BLACK BORDERS 

□ IMAGE CUT OFF AT TOP, BOTTOM OR SIDES 



U FADED TEXT OR DRAWING 

□ BLURRED OR ILLEGIBLE TEXT OR DRAWING 

□ SKEWED/SLANTED IMAGES 

□ COLOR OR BLACK AND WHITE PHOTOGRAPHS 

□ GRAY SCALE DOCUMENTS 

□ LINES OR MARKS ON ORIGINAL DOCUMENT 

□ REFERENCE(S) OR EXHIBIT(S) SUBMITTED ARE POOR QUALITY 

□ OTHER: 

IMAGES ARE BEST AVAILABLE COPY. 
As rescanning these documents will not correct the image 
problems checked, please do not report these problems to 
the IFW Image Problem Mailbox. 



BEST AVAILABLE IMAGES 




WIS PAGE BLANK (usfti 



